This case study examines the security and privacy risks associated with the Department of Administrative Services (DAS) as it migrates to a "Shared Services" approach and moves to SaaS. The analysis identifies existing and new security threats, including data access risks, instability, lack of transparency, identity theft, and malware attacks, considering their likelihood, impact, and priority. It then explores new risks introduced by the move to SaaS, such as immature management identification, weak software standards, secrecy issues, and the risks of accessing data from anywhere. The study also addresses existing and new privacy threats, like high-speed internet requirements, data control, and the impact on employee freedom. It provides a comprehensive risk assessment, including preventive actions and contingency plans for each identified threat, offering a detailed overview of potential vulnerabilities and mitigation strategies to ensure the secure handling of employee data within the DAS environment. The analysis is based on the provided scenario where DAS centralizes various government services, requiring data migration and consolidation.
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
